What's wrong with this authentication scheme?

Question

I am not a security expert, just a passionated developer. In The definitive guide to form-based website authentication it's made very explicit that only SSL or strange and complex algorithms are practical for protecting login data from eavesdropping. So in my complete ignorance of computer security I can't see why the following authentication scheme is unsafe:

1. Upon login button press, through javascript, the client asks the server for a long-enaugh random string
2. The client hashes both the random message and the password (which has not been transmitted).
3. The client encrypts (through blowfish or your favorite algo) the random message hash with the password hash.
4. The client send the resulting blob to the server
5. The server decrypts the message using the password hash stored in the database (because we keep hashes not password themselves ;)
6. If the resulting hash matches the original message hash the client is authenticated.

Where is the trap that I'm not seeing? The password is never sent through the net, nor is it's hash. The server only keeps password hash...

Answer 1

You don't need a password to authenticate through this scheme, only the hash of password. So hash of password is actually a plain password from encryption side of view. So:

• Salt and hash(pass+salt) may be eavesdropped, pass is one de-hash away
• Server stores plain passwords

And that's without taking into account that unencrypted connection is always vulnerable to MITM